From: | Richard Huxton <dev(at)archonet(dot)com> |
---|---|
To: | vernonw(at)gatewaytech(dot)com, pgsql-sql(at)postgresql(dot)org |
Subject: | Re: Special characters in SQL queries |
Date: | 2003-03-12 09:44:41 |
Message-ID: | 200303120944.42009.dev@archonet.com |
Lists: | pgsql-sql |

On Wednesday 12 Mar 2003 3:28 am, Vernon Wu wrote:
> Thanks, Christoph, for your information.
>
> I don't program in C at all, but Java. Although I can make a way to call
> the C library function from Java, it isn't a suitable solution, I believe.
>
> I only desire to find out all the types of characters at the present time so
> that I can strip out any potential problem sources in text. Who knows what
> characters a user will enter.

Don't do Java myself, but I can't believe the JDBC (or whatever) classes don't
do this for you. In any case, you can look at the code for the C function -
it should be fairly obvious what characters it's working on.

If you do want to write your own, it's best not to strip certain characters,
but rather to list those you will allow through. That way if you miss
something it's a bug report rather than a security hole.

--
Richard Huxton
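
The two suggestions in the reply above (let the JDBC classes handle quoting, and list the characters you allow rather than the ones you strip), as an added Java example that is not part of the original thread. The class name, the `people` table, the `nameExists` helper and the sample inputs are assumptions made up for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class AllowListDemo {
    // Allow-list: letters, digits and a few punctuation marks, 1 to 64 chars.
    // Anything not listed here is rejected, including characters nobody thought of.
    private static final Pattern ALLOWED =
            Pattern.compile("[\\p{L}\\p{N} .,'-]{1,64}");

    static boolean isAllowed(String s) {
        return s != null && ALLOWED.matcher(s).matches();
    }

    // Deny-list, for contrast: strips only the characters its author remembered.
    static String stripKnownBad(String s) {
        return s.replace("'", "").replace(";", "");
    }

    // The value travels as a bind parameter, so the driver does the quoting;
    // the apostrophe can stay in the allow-list for that reason.
    // "people" is a hypothetical table.
    static boolean nameExists(Connection conn, String name) throws SQLException {
        if (!isAllowed(name)) {
            throw new IllegalArgumentException("input contains characters not on the allow-list");
        }
        String sql = "SELECT 1 FROM people WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two ordinary names, then a trailing
        // backslash and an embedded NUL that the deny-list never considered.
        String[] samples = { "O'Brien", "Anne-Marie", "abc\\", "x\u0000y" };
        for (String s : samples) {
            String shown = s.replace("\u0000", "\\0");
            String stripped = stripKnownBad(s).replace("\u0000", "\\0");
            System.out.println(shown + " -> deny-list passes \"" + stripped
                    + "\", allow-list accepts: " + isAllowed(s));
        }
    }
}
```

The deny-list lets the backslash and the NUL through unchanged and silently alters `O'Brien`, while the allow-list rejects both unexpected inputs and keeps the legitimate name intact.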